Systems for secure collaborative graphical design using secret sharing

ABSTRACT

Systems and methods are disclosed for secret sharing for secure collaborative graphical design. Graphical secret shares are generated from a three-dimensional graphical design and distributed to one or more contributor devices. Contributor graphical designs modifying graphical secret shares may be received from contributor devices. Various corresponding and related systems, methods, and software are described.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of Non-provisional application Ser.No. 15/936,965 filed on Mar. 27, 2018 and entitled “SYSTEMS FOR SECURECOLLABORATIVE GRAPHICAL DESIGN USING SECRET SHARING,” the entirety ofwhich is incorporated herein by reference.

FIELD OF THE INVENTION

The present invention generally relates to the field of computersecurity. In particular, the present invention is directed to methods ofsecret-sharing for secure collaborative graphical design.

BACKGROUND

Collaborative design is an increasingly common practice in moderncomputer design and manufacture. As design challenges become morecomplex, a greater variety of specialized skills is required forsuccess, often requiring the participation of several unrelated entitieshaving the requisite skills. As a result, parties to a particularcollaborative design process may be competitors in past or futureendeavors. These potential competitors may be able to take advantage ofdesigns, design processes, or manufacturing processes revealed to themin the course of a collaborative design session. This is particularly aconcern where multiple competing contributions to the same collaborativedesign are being evaluated to maximize efficiency or minimize cost.

SUMMARY OF THE DISCLOSURE

In one aspect, a system for secret sharing for secure collaborativegraphical design includes a secret owner device having at least aprocessor and a memory, the secret owner device designed and configuredto provide, at the secret owner device, a first three-dimensionalgraphical design, wherein the first three-dimensional graphical designincludes a first three-dimensional form including a firstthree-dimensional shape and a first dimension set in three dimensionsand a plurality of features including at least a local geometricfeature, generate at least a graphical secret share, wherein thegraphical secret share is a graphical design that contains at least onefeature of the first three-dimensional graphical design but lacks atleast one other feature of the first three-dimensional graphical design,wherein generating the at least a graphical secret share furtherincludes generating a second three-dimensional graphical form having asecond three-dimensional shape and a second dimension set in threedimensions, wherein the second three-dimensional graphical form isdistinct from the first three-dimensional graphical form, adding the atleast a local geometric feature to the second three-dimensionalgraphical form, and generating the at least a graphical secret share asa function of the second three-dimensional graphical form and the atleast a local geometric feature, and provide the at least a graphicalsecret share to at least a contributor device.

In another aspect, a method of secret sharing for secure collaborativegraphical design includes providing, at a secret owner device having atleast a processor and a memory, a first three-dimensional graphicaldesign, wherein the first three-dimensional graphical design includes afirst three-dimensional form including a first three-dimensional shapeand a first dimension set in three dimensions and a plurality offeatures including at least a local geometric feature. The methodincludes generating, at the secret owner device, at least a graphicalsecret share. Generating the at least a graphical secret share includesgenerating a second three-dimensional graphical form having a secondthree-dimensional shape and a second dimension set in three dimensions,wherein the second three-dimensional graphical form is distinct from thefirst three-dimensional graphical form, adding the at least a localgeometric feature to the second three-dimensional graphical form, andgenerating the at least a graphical secret share as a function of thesecond three-dimensional graphical form and the at least a localgeometric feature. The three-dimensional graphical design contains atleast a global constraint, and wherein generating the graphical secretshare further comprises generating at least a secret share constraint asa function of the at least a global constraint. The method includestransmitting the at least a graphical secret share to at least acontributor device.

In another aspect, a non-transitory machine-readable storage mediumcontaining machine-executable instructions for performing a method ofsecret sharing for secure collaborative graphical design that includesproviding, at a secret owner device having at least a processor and amemory, a first three-dimensional graphical design, wherein the firstthree-dimensional graphical design includes a first three-dimensionalform including a first three-dimensional shape and a first dimension setin three dimensions and a plurality of features including at least alocal geometric feature, generating, at the secret owner device, atleast a graphical secret share, wherein generating the at least agraphical secret share further includes generating a secondthree-dimensional graphical form having a second three-dimensional shapeand a second dimension set in three dimensions, wherein the secondthree-dimensional graphical form is distinct from the firstthree-dimensional graphical form, adding the at least a local geometricfeature to the second three-dimensional graphical form, and generatingthe at least a graphical secret share as a function of the secondthree-dimensional graphical form and the at least a local geometricfeature, wherein the three-dimensional graphical design contains atleast a global constraint, and wherein generating the graphical secretshare further comprises generating at least a secret share constraint asa function of the at least a global constraint, and transmitting the atleast a graphical secret share to at least a contributor device.

BRIEF DESCRIPTION OF THE DRAWINGS

For the purpose of illustrating the invention, the drawings show aspectsof one or more embodiments of the invention. However, it should beunderstood that the present invention is not limited to the precisearrangements and instrumentalities shown in the drawings, wherein:

FIG. 1 is a block diagram illustrating an exemplary system for securecollaborative graphical design using secret sharing in an embodiment;

FIG. 2 is an isometric diagram illustrating an exemplarythree-dimensional graphical design in an embodiment;

FIG. 3A is an isometric diagram illustrating an exemplary graphicalsecret share in an embodiment;

FIG. 3B is an isometric diagram illustrating an exemplary graphicalsecret share in an embodiment;

FIG. 3C is an isometric diagram illustrating an exemplary graphicalsecret share in an embodiment;

FIG. 3D is an isometric diagram illustrating an exemplary graphicalsecret share in an embodiment;

FIG. 4A is an isometric diagram illustrating an exemplary contributorgraphical design in an embodiment;

FIG. 4B is an isometric diagram illustrating an exemplary contributorgraphical design in an embodiment;

FIG. 4C is an isometric diagram illustrating an exemplary contributorgraphical design in an embodiment;

FIG. 5 is an isometric diagram illustrating an exemplary combinedthree-dimensional graphical design in an embodiment;

FIG. 6 is a block diagram illustrating an exemplary system for securecollaborative graphical design using secret sharing in an embodiment;

FIG. 7 is a block diagram illustrating an exemplary system for securecollaborative graphical design using secret sharing in an embodiment;

FIG. 8 is a flow diagram illustrating an exemplary method ofsecret-sharing for secure collaborative graphical design in anembodiment;

FIG. 9A is a flow diagram illustrating an exemplary method of generatinga graphical secret share in an embodiment;

FIG. 9B is a flow diagram illustrating an exemplary method of generatinga graphical secret share in an embodiment; and

FIG. 10 is a block diagram of a computing system that can be used toimplement any one or more of the methodologies disclosed herein and anyone or more portions thereof.

DETAILED DESCRIPTION

Aspects of the present invention include systems and methods that enablecollaborative design to take place in a more secure fashion through theuse of secret sharing. Graphical secret shares may be generated by acontributor device, automated manufacturing device, or other device,based on a three-dimensional graphical design to be modified bycollaborative editing; each graphical secret share contains only aportion of the features of the three-dimensional graphical design.Modifications to graphical secret shares may be reincorporated inthree-dimensional graphical design to produce a modified design. Secretshare distribution and modification, as well as modifications tothree-dimensional graphical design based on modifications to secretshares, may be performed in a centralized or decentralized architecture.

Referring to FIG. 1, an embodiment of a system 100 for securecollaborative graphical design using secret sharing is illustrated. Thesystem includes a secret owner device 104. Secret owner device 104 mayinclude any computing device as described below in connection with FIG.10. Secret owner device 104 may include a plurality of computing devicesas described below in connection with FIG. 10; for instance, secretowner device 104 may include a plurality of computing devices orprocessors working in parallel, or may balance tasks, modules, and/orcomponents as described below between a plurality of devices accordingto any suitable method. Secret owner device 104 may be a singlecomputing device.

Still viewing FIG. 1, system 100 includes a memory 108 operativelyconnected to a secret owner device 104. Memory 108 may include anymemory technology suitable for storing information readable by computingdevices, including secret owner device 104, in non-transitory form.Memory 108 may include, without limitation, any memory device orcollection memory devices as described below in reference to FIG. 10,including without limitation a hard drive, a CD, a flash drive and/orcloud storage, among other known data storage devices/services. Memory108 may organize data according to any suitable protocol fororganization and storage of data on computing devices. Memory 108 may beoperatively connected to secret owner device 104 where the secret ownerdevice 104 is able to access the memory 104 to write or retrieve data,including graphical forms as described in further detail below.

In an embodiment, and continuing to view FIG. 1, memory 108 may bedesigned and configured to store a three-dimensional graphical design112. FIG. 2 illustrates an exemplary embodiment of a three-dimensionalgraphical design 112. Three-dimensional graphical design 112 includes afirst three-dimensional form 200. First three-dimensional form 200includes a first three-dimensional shape 204; first three-dimensionalshape 204 may include any shape that may be illustrated in a finitethree-dimensional space, including without limitation any regular orirregular polyhedral solids, solids with curved surfaces, or anycombination thereof. First three-dimensional shape 204 may include anyinternal or external voids, cavities, or depressions. Firstthree-dimensional shape 204 may include any projections from any surfaceor into any internal or external void, cavity, or depression; anyinternal or external void, cavity, or depression may be formed in anyprojection. First three-dimensional shape 204 may include any shape thatmay be produced in collaborative design methods as set forth in furtherdetail below. First three-dimensional shape 204 may include any formsuitable for depicting the shape of any existent object, or any designedobject, including without limitation objects to be manufactured asdescribed in further detail below. First three-dimensional shape 204 mayinclude linear or quantized approximations of any three-dimensionalshape, including fractal shapes. In an embodiment, geometric formsmaking up first three-dimensional shapes may be subjected to linear orother approximations for storage as pixels, voxels, or other digitalstorage means; geometric forms may alternatively be stored in the formof mathematical relationships or equations for geometric forms, whichmay be computed by reference to a dimension set as described below.Persons skilled in the art will be aware of various exact, iterative, orapproximated mathematical expressions that may be used to characterizeshapes in any set of dimensions, including without limitation in one-,two-, or three-dimensional spaces. Additional linear or digitalapproximations may be used to display first three-dimensional shape 204on a display device, or for efficient transmittal of firstthree-dimensional shape 204 over any network.

Still viewing FIG. 2, first three-dimensional form 200 includes a firstdimension set 208 in three dimensions. In an embodiment, first dimensionset 208 is a numerical description of the size and scale of firstthree-dimensional form 200 and/or of any portion thereof. As anon-limiting example, first dimension set 208 may be a three-dimensionalcoordinate system, which may include any cartesian coordinate system orspherical, cylindrical, or other polar coordinate systems; coordinatesystem may be linearly, logarithmically, or otherwise scaled. Moregenerally, first dimension set 208 may be any set of mathematicalobjects spanning three dimension over which a norm is defined indicatingthe distance between points or lines depicted in first three-dimensionalform 200; in other words, first dimension set 208 provides anunambiguous means to measure or approximate any size of firstthree-dimensional form 200, including any linear distance between twopoints included in first three-dimensional form 200, any surface areashown on first three-dimensional form 200, and any volume depicted aspart of first three-dimensional form. Persons skilled in the art will beaware of various methods for measurement or approximation of lengths,surface areas, and volumes with respect to any given first dimension set208 as described herein.

Continuing to view FIG. 2, first three-dimensional form 200 includes atleast a local geometric feature 212. At least a local geometric feature212 may be any portion of first three-dimensional form 200 that is notthe entire first three-dimensional form. At least a local geometricfeature 212 may be a portion of first three-dimensional form to bemodified in a collaborative design process as set forth in furtherdetail below. At least a local geometric feature 212 may include withoutlimitation a surface of first three-dimensional form 200, a portion of asurface of first three-dimensional form, a feature formed on or in asurface of first three-dimensional form 200 such as any projection,recess, hole, or combination thereof. At least a local geometric feature212 may include without limitation any opening, cavity, or projection infirst three-dimensional form 200. At least a local geometric feature 212may include any three-dimensional section of first three-dimensionalform 200.

Continuing to refer to FIG. 2, three-dimensional graphical design 112may be created using a computer modeling program (not shown). Computermodeling program may create three-dimensional graphical design 112automatedly by assembling one or more geometric forms. One or moregeometric forms may include any forms suitable for the composition offirst three-dimensional shape 204 including geometric primitives and/ormodels retrieved from memory 108 or received from remote device. One ormore geometric forms may be assembled from particular related geometricforms according to one or more image-rending protocols including withoutlimitation use of triangles to render images in a stereolithography(STL) file, use of raster or voxel-based graphics, or use of geometricrelations governing vectors in vector image formats. Computer modelingprogram may retrieve previously created models and modify them to createthree-dimensional graphical design 112; modifications may includecombinations of two or more retrieved models, combinations of two ormore models with additional details created using one or more geometricprimitives, or by manipulation of rasters, vectors, voxels, pixels andthe like. Computer modeling program may create three-dimensionalgraphical design 112 to match another computer model; for instance,computer modeling program may create three-dimensional graphical design112 to fit a surface, cavity, or other feature of the other computermodel. Computer modeling program may create three-dimensional graphicaldesign 112 to fulfill a manufacturing requirement where thethree-dimensional graphical design 112 represents a product or portionof a product to be manufactured, as discussed further below.

In an embodiment, and still referring to FIG. 2, computer modelingprogram may generate three-dimensional graphical design 112 in responseto one or more user instructions. For instance, a user may enter aninstruction directing computer model to create a geometric form of agiven type or shape, with sides, surfaces, volumes, vertices, or otherfeatures spaced and sized according to a dimension set such as, but notlimited to, first dimension set 208 as described above, and positionedin a particular location and/or attitude relative to any already extantforms in three-dimensional graphical design 112; as a non-limitingexample, the user may select a particular kind of geometric form, anduse a locator device such as a mouse, joystick, touchpad, or touchscreento indicate positions within the three-dimensional graphical design 112of vertices, sides, or points of a form, and computer modeling programmay create a geometric form having the vertices, sides, or points asindicated. For instance, a user may create a rectangular face byselecting an option to create a rectangle, may use a mouse cursor toindicate two or more vertices of the rectangle; the computer modelingprogram may render a rectangle having the two or more verticesindicated. Persons skilled in the art will be aware of many potentialmeans by which a computer modeling program may respond to a userinstruction to create various geometric forms and spatial relationshipstherebetween to build a three-dimensional computer model. Computermodeling program may include without limitation a computer-assisteddesign (CAD) program, such as the SOLIDWORKS® CAD system (registeredtrademark of Dassault Systemes of Velizy Villacoublay, France).

In some embodiments, and still referring to FIG. 2, three-dimensionalgraphical form 112 represents a structure at some stage in amanufacturing process, such as an article to be manufactured;manufacture may be performed as guided by designs produced by system 100as described herein, and three-dimensional graphical form 112 mayrepresent a structure that is in an initial manufacturing stage, apartially completed or assembled product, a workpiece, or any otherinterim or final form of any article to be manufactured. Examples of astructure that may be represented by three-dimensional graphical form112 include without limitation a piece of sheet metal, a solid cube, acylindrical pipe, an injection molded plastic toy, an article ofclothing such as a shirt made of cotton, and an assembly of variousparts such as a vehicle, among others. Three-dimensional graphical formmay be a CAD model of a part or an assembly of CAD models of parts thatmay be a virtual representation of a particular structure and may becreated using one or more appropriate CAD programs.

As would be apparent to one reasonably skilled in the art, aspects andembodiments of the invention may be applied to any number ofmanufacturing types, including but not limited to additive manufacturingprocesses such as rapid prototyping, subtractive manufacturing processessuch as machining, molding processes, and the manufacture of apparel andsheet metal products among others. In the case of sheet metal andapparel, designers may use CAD systems to design their products, usingsheets of flat material for manufacture. Design data, such as materialchoice, precise dimensions, or locations of additional features may beembedded within the digital design. Designers may choose differentmetals or fabrics (including non-woven materials such as leather)depending on the strength and other inherent properties of the material,which affects what manufacturing methods may be necessary to work thematerial. In the case of additive processes, designers may chooseparticular additive processes to follow and materials to use accordingto similar considerations. Subtractive manufacturing processes may bedesigned or generated to remove material from one or more workpieces orblanks to produce forms modeled as described herein. Purchasedcomponents (in some cases, identical purchased components) may be addedto the design, either in creating three-dimensional graphical form 112or as part of the processes described below. CAD programs may be used tovisualize the shape of the finished product, or of the product at anypreliminary or intermediate manufacturing stage.

As used herein, a design document or design file is a file produced by acomputer modeling program as described above. A design document may beor may include a CAD model, computer-model data, pricing data,non-pricing data, and/or a fabrication request, among other things.Designers may communicate such a design file while planning to one ormore suppliers if they desire to place an order with the one or moresuppliers.

Continuing to refer to FIG. 2, three-dimensional graphical design maycontain at least a global constraint 216. At least a global constraint216 may be one or more parameters limiting modifications tothree-dimensional graphical design 112. At least a global constraint 216may establish limits by reference to first dimension set 208. Forinstance, at least a global constraint 216 may include a requirementthat three-dimensional graphical design 112 be larger or smaller than acertain volume as represented in first dimension set 208, or that thesize of three-dimensional graphical design 112 be between a minimumvolume and a maximum volume as represented in first dimension set 208.At least a global constraint 216 may place a limit on design complexity;as a non-limiting example, at least a global constraint 216 may includea limit to file size of a design to be produced by system usingthree-dimensional graphical design 112, or may include a limit tosmallest theoretical file size to which a design produced by the system100 using the three-dimensional graphical design 112 may be compressedin a lossless compression algorithm, for instance by reference toinformation entropy of the design. In some embodiments, limiting designcomplexity permits more efficient collaborative design processes byeliminating unnecessarily complex designs.

Still referring to FIG. 2, at least a global constraint 216 may impose alimit on an article to be manufactured as guided by a completed designproduced by system 100 using three-dimensional graphical design 112. Forinstance, at least a global constraint 216 may include a maximum weightfor a product produced according to the completed design. At least aglobal constraint may include a minimum weight for a product accordingto the completed design; for instance, a user creating three-dimensionalgraphical design 112 may be aware that a completed product the userintends to create will likely weigh more than some minimum amount, andmay enter an instruction establishing that minimum weight as a globalconstraint to allow collaborators to design modifications accordingly asdescribed in further detail below. At least a global constraint 216 mayinclude a maximum tolerable degree of vibration, heat, impact or otherfactor affecting durability of completed product. At least a globalconstraint 216 may impose minimum degrees of vibration, heat, impact, orother factors affecting durability that completed product will likelyhave to withstand; for example, if completed product is likely tooperate at high or low temperatures, components included in completedproduct may need to be able to function correctly at the high or lowtemperatures, or may need to have heat-dissipating or insulatingproperties to assemble to form a functioning completed product underexpected conditions. At least a global constraint 216 may include aprice-based; that is, there may be a maximum price that manufacture ofcompleted product should not exceed. At least a global constraint 216may place a limit on expected rate of depreciation of completed product.At least a global constraint 216 may place a minimum limit ondurability, expected useful life, or other factors affecting thelong-term usability and/or economic value of completed product.

At least a global constraint 216 may include a plurality of globalconstraints. For instance, at least a global constraint 216 may includea maximum weight completed product may not exceed and a minimum weightcompleted product will have. At least a global constraint 216 mayinclude a relationship between two or more other global constraints; forinstance, at least a global constraint 216 may include a constraint thatmaximizes present value of completed product according to a calculationrelating manufacturing costs and projected maintenance costs ofcompleted product, such that a highly durable product with a higherinitial manufacturing cost may fulfill the global constraint, while aless-durable but more cheaply produced completed product may alsofulfill the global constraint.

Memory 108 may include a component data store 116. Component data store116 may be any structured data storage component, including withoutlimitation databases such as relational databases, key-value data storessuch as “NoSQL” data stores, data structures that facilitate efficientstorage and/or lookup of data items, and the like. Component data store116 may contain design files or models, such as those produced bycomputer modeling programs as described above, for various geometries,representations of components that may be assembled during manufacturingprocesses, and the like. For instance, and without limitation, componentdata store 116 may include design files representing one or more partsused in manufacture such as fasteners, brackets, motors, bearings,circuit elements, and the like.

Referring again to FIG. 1, system 100 includes an interrogation engine120. Interrogation engine 120 may comprise, for example, a subprogram orprogram module that may interrogate a design file such asthree-dimensional graphical design 112, secret shares as described infurther detail below, contributor graphical designs as described infurther detail below, or a combined graphical design as described below,to generate a list of objective requirements based on the data containedtherein. Interrogation engine 120 may further interrogate design filesto identify geometric forms, including without limitation firstthree-dimensional shape 204, local geometric feature 212, a secondthree-dimensional shape as described in further detail below, or amodification contained in a contributor graphical design or a combinedgraphical design, as described in further detail below.

Illustrative embodiments for an interrogation engine like interrogationengine 120 may be found in: U.S. patent application Ser. No. 15/467,079,filed on Mar. 23, 2017, and entitled “ELECTRONIC PRICING MACHINECONFIGURED TO GENERATE PRICES BASED ON SUPPLIER WILLINGNESS AND A USERINTERFACE THEREFOR,” which is incorporated by reference herein for itsteachings of particular interrogation engines, extraction of informationfrom interrogation engines, analysis of geometry in design files byinterrogation engines, extraction of pricing data from computer models,and for generation of pricing for manufactured materials; U.S. patentapplication Ser. No. 14/060,033, filed on Oct. 22, 2013, and entitled“AUTOMATED FABRICATION PRICE QUOTING AND FABRICATION ORDERING FORCOMPUTER-MODELED STRUCTURES,” which is incorporated by reference hereinfor its teachings of extracting pricing data from computer models andfor generation of pricing for manufactured materials; U.S. patentapplication Ser. No. 14/282,773, filed on May 20, 2014, and entitled“METHODS AND SOFTWARE FOR ENABLING CUSTOM PRICING IN AN ELECTRONICCOMMERCE SYSTEM,” which is incorporated by reference herein for itsteachings of particular interrogation engines and for generation ofpricing for manufactured materials; and U.S. Patent Application Ser. No.62/072,653, filed on Oct. 30, 2014, and titled “METHODS AND SOFTWARE FORFACILITATING PRICING AND ORDERING OF A STRUCTURE REPRESENTED IN ACOMPUTER MODEL,” which is incorporated by reference herein for itsteachings of various interrogation engines and related functionality andfor generation of pricing for manufactured materials.

In some embodiments, an interrogation engine, such as interrogationengine 120, may parse and/or analyze a design file, which may be a CADmodel, to identify separate elements thereof by reading a combination of(a) specific commands issued by a computer modeling program and (b)specific routines or functions associated with such commands todetermine whether they collectively define an individual element orportion (a “shape,” “solid body,” or “component”) of a design file. ManyCAD systems, including, by way of example, the SOLIDWORKS® CAD systemreferred to above, include an application program interface (API) toenable a user to control the issuance of customized routines orfunctions associated with such commands. Interrogation engine 120 mayread such commands, routines, and functions to determine whether theydefine an individual shape, and, if so, may analyze various geometricaspects of the defined shape to determine whether such aspectscorrespond to one or more manufacturing requirements for a product to bemanufactured based on a CAD model; the interrogation engine 120 mayanalyze similar commands, routines, and functions of other computermodeling programs to determine whether such aspects correspond to one ormore manufacturing requirements. If so, such requirements may be outputfrom interrogation engine 120 as computer model data such as CAD data,interrogation data, and/or objective requirements data for processingand analysis by any one or more components of the present disclosure.

As a first step, interrogation engine 120 may identify discrete shapesin a design file. As a non-limiting example, in an embodiment based onthe SOLIDWORKS® CAD system, interrogation engine 120 may read the“FeatureManager Design Tree” (an outline representation of individualshapes) to determine the number of solid bodies (or shapes) in thedesign; representations of individual shapes may be found in other CADsoftware files, and other CAD software systems may be used. In theSOLIDWORKS® CAD system, one command usable to analyze the number ofsolid bodies is:

object[ ] bodies=(object[])part.GetBodies2((int)Const.swBodyType_e.swSolidBody, false); {sansserif font}and the output is a list of bodies. The foregoing code statement islisted by way of example only; other code statements or sequences couldbe used and may depend on the particular form in which the design fileis created or formatted. For example, for a design file that definessurfaces, volumes, and other geometric forms using mathematicalrelationships interrogator engine 120 may analyze those mathematicalrelationships to derive geometric forms identified in the file. Asanother example, where one or more elements of the file are componentsretrieved from component datastore 116, such one or more elements may beidentified by interrogator engine 120 by reference to componentdatastore 116, by reference to an identifier of the one or more elementsassociated with their identity in the component datastore 116, or toexecution history indicating retrieval and inclusion of the one or moreelements from the component datastore.

Interrogation engine 120 may then analyze geometric aspects of suchidentified shapes and compare such aspects to correspondingmanufacturing requirements. In an embodiment, these manufacturingrequirements may include given starting materials. In other words,interrogation engine 120 may determine whether a given defined shape canbe manufactured from a given starting material based on one or moreanalyzed geometric properties of one or more identified shapes. If so,that starting material may be identified as a manufacturing option orrequirement and may be included in computer modeling program data, suchas CAD data, generated by interrogation engine 120. Interrogation engine120 may identify a manufacturing method that is usable to manufacture agiven defined shape from a given starting material. For instance,interrogation engine 120 may determine whether a sheet metal startingmaterial is of sufficiently uniform thickness to produce a sheet metalpart. As another example, interrogation engine 120 may determine whethera particular starting material is of sufficient softness for a givenmachining process, or possesses some other required property, such asconductivity for electronic discharge machining (EDM). Interrogationengine 120 may determine whether a final material property described ina design file is achievable using a given manufacturing method, or agiven starting material; for instance, a needed degree of strength ortolerance in a finished part may require a subtractive manufacturingprocess, while internal voids for lightness or buoyancy may require aprocess that is not subtractive.

Interrogation engine 120 may be designed and configured to extract theat least a local geometric feature from the three-dimensional graphicaldesign. Interrogation engine 120 may do this automatedly by identifyinggeometric forms and outputting computer modeling program filescontaining the identified forms. A user may enter one or moreinstructions identifying one or more geometric forms as local geometricfeatures; for instance, the user may select the one or more forms with amouse or other locator device. The identification and extraction of atleast a local geometric feature 212 may be performed with using acombination of user selection and automated processes; for instance,interrogation engine 120 may identify one or more forms selected by auser by means of geometric analysis, as described above.

Interrogation engine 120 may be configured to determine a price formanufacture of a product represented in a design file. In addition tothe matters incorporated by reference above, illustrative embodimentsfor the use of an interrogation engine such as interrogation engine 120to extract information for pricing from a design file, and the use ofsuch information to generate pricing for manufacture of an articlerepresented in the design file, may be found in U.S. patent applicationSer. No. 14/928,001, filed on Oct. 30, 2015, and entitled “METHODS ANDSOFTWARE FOR A PRICING-METHOD-AGNOSTIC ECOMMERCE MARKETPLACE FORMANUFACTURING SERVICES,” the entirety of which is incorporated herein byreference. A price may be a price estimate, a bid, or a firm fixedquote, and may contain non cost information such as a specific or rangeof lead-time or delivery date(s), among others. Interrogation engine 120may evaluate the price of the overall design, as well as the prices ofindividually contributed components; rules for interrogation engine mayplace non-price constraints on secret shares based on a known effect of,for instance, a particular geometric form or other thing on the overallprice, as maintained in component data store 116 or other location inmemory, or as received from a contributor device.

Interrogation engine 120 may be configured to evaluate conformance of adesign used or produced by system 100 to one or more constraints, suchas at least a global constraint 216 or a secret share constraint asdescribed in further detail below. For instance, where a globalconstraint of at least a global constraint 216 is a constraint on asize, volume, or other dimensional characteristic of a structurerepresented in a design file, interrogation engine 120 may useidentified geometric features and a dimension set such as firstdimension set 208 to obtain the dimensional characteristic subject tothe constraint, and compare the dimensional characteristic to theconstraint. As another example, where at least a global constraint 216imposes a maximum or minimum limit on the mass or weight of thestructure represented in the design file, interrogation engine 120 mayuse computation of volume of one or more identified geometric forms incombination with material data concerning one or more materialscomposing the structure as represented in the design file to compute themass or weight of the structure. Material data may similarly be used todetermine whether the structure has requisite material properties suchas resistance to heat, vibration, or impact damage, heat or electricalconductivity, or other properties specified by a global constraint orsecret share constraint. The effect of a particular modification on aglobal constraint may also be provided by a contributor device tointerrogation engine 120 or retrieved from component data store 116 orother locations in memory 108.

Still referring to FIG. 1, system 100 includes a secret share generator124 operating on the secret owner device 104. Secret share generator 124may comprise, for example, a subprogram or program module designed andconfigured to generate at least a graphical secret share. Referring nowto FIGS. 3A-D, a secret share of at least a graphical secret share 300as used herein is a graphical design, which may be any graphical designas described above regarding three-dimensional graphic design 112, whichcontains at least one feature of the three-dimensional graphical designbut lacks at least one other feature of the three-dimensional graphicaldesign 112; as a result, possession of one secret share of at least asecret share 300 provides the possessor with insufficient information toreconstruct three-dimensional graphic design.

Still referring to FIGS. 3A-D, at least a secret share 300 may includethe at least a local geometric feature 212. In some embodiments, forexample as shown in FIG. 3A, at least a graphical secret share containsonly the at least a local geometric feature 212. Graphical secret sharemay contain a restricted set of local geometric features of at least alocal geometric feature 212; for instance, where a first local geometricfeature of at least a local geometric feature 212 requires a firstmodification to advance the design to be produced by system 100 and asecond local geometric feature of the at least a local geometric feature212 requires a second modification, and where the first modification isdifferent from the second modification, only the first local geometricfeature of at least a local geometric feature 212 may be included in afirst secret share of the at least a graphical secret share 300, whilethe second local geometric feature may be included in a second secretshare of the at least a graphical secret share. For example, where thethree-dimensional graphic design 112 includes a first local geometricfeature that requires the addition of a fastener, and a second localgeometric feature that requires the production of a through-hole througha portion of the structure represented in the three-dimensional graphicdesign 112, a first secret share of at least a graphical secret share300 may include the first local geometric feature, for instance as shownin FIGS. 3A-B, and a second secret share of the at least a graphicalsecret share 300 may include the second geometric feature, for instanceas shown in FIG. 3C.

Still referring to FIGS. 3A-D, here three-dimensional graphic design 112includes a plurality of duplicative local geometric features of at leasta local geometric feature 212, a secret share of at least a graphicalsecret share 300 may include only one of the plurality of duplicativelocal geometric features. As a non-limiting example, wherethree-dimensional graphic design 112 includes multiple identical holesfor fasteners, only one hole for a fastener may be included in a secretshare of at least a graphical secret share 300.

As shown for instance in FIGS. 3B-D, a secret share of at least agraphical secret share 300 may include a second three-dimensionalgraphical form 304 having a second three-dimensional shape 308 and asecond dimension set 312 in three dimensions. Second three-dimensionalgraphical form 304 may be any three-dimensional form suitable for use asfirst three-dimensional form 200. Second three-dimensional shape 308 maybe any shape or combination of shapes suitable for use as firstthree-dimensional shape 204 as described above; second three-dimensionalshape 308 may be stored, represented, or rendered according to anymethod suitable for storage, representation, or rendering of firstthree-dimensional shape. Second dimension set 312 may be anythinguseable for first dimension set 208 as described above.

Still viewing FIGS. 3B-D, second three-dimensional graphical form 304may be distinct from the first three-dimensional graphical form 200. Forinstance, second geometric shape 308 may be a different shape from firstthree-dimensional shape 204. Second dimension set 312 may be differentfrom first dimension set 208. In some embodiments, secondthree-dimensional graphical form 304 is created with a plurality ofshape and dimensional differences from first three-dimensional graphicalform 200, for instance as described in further detail below.

As shown for instance in FIG. 3D, at least a graphical secret share 300may include one or more dummy features 316. One or more dummy features316, as used herein, are one or more local geometric features that arenot a part of three-dimensional graphic design 112. One or more dummyfeatures 316 may include duplicates of a local geometric feature of atleast a local geometric feature 212 that is included in a particularsecret share. One or more dummy features 316 may include othercomponents selected from component data store 116. The number of dummyfeatures included in a secret share of the at least a secret share maybe created as a function of a number of distinct features ofthree-dimensional graphical design 112, as described in further detailbelow. The number of distinct dummy features included in a secret shareof the at least a secret share may be created as a function of a numberof distinct features of three-dimensional graphical design 112, asdescribed in further detail below.

In an embodiment, a secret share of at least a graphical secret share300 enables system to provide a feature to be modified to a collaboratordevice as described below, in a manner that permits collaborator deviceto provide one or more options for the desired modification withoutpermitting collaborator device or an operator of collaborator device toderive the overall design of three-dimensional graphical design 112 orof any other computer model or graphical design produced by system 100using the desired modification. In an embodiment, the use of dummyfeatures 316 may render it difficult or impossible to assemble two ormore secret shares of at least a secret share 300 to derivethree-dimensional graphical design 112 or other designs or computermodels produced by system 100; this may particularly be the case wheresystem 100 is collaboratively designing several distinct designs fromseveral three-dimensional graphical designs 112 simultaneously. As aresult, it may be possible to obtain several distinct modifications toone three-dimensional graphical design 112 from the same collaboratordevice using multiple secret shares without enabling that collaboratordevice or its operator to reconstruct three-dimensional graphical design112 from the secret shares.

Referring to FIGS. 3A-D, secret share generator 124 may be designed andconfigured generate at least a secret share constraint 320 as a functionof at least a global constraint 216. At least a secret share constraint320 may be any constraint usable for at least a global constraint 216,as applied to at least a graphical secret share 300; that is, at least asecret share constraint may be one or more parameters limitingmodifications to a secret share of at least a graphical secret share.

Continuing to refer to FIGS. 3A-D may be performed by a numericalcalculation using at least a global constraint 216 as described infurther detail below. At least a numerical calculation may be performedusing one or more mathematical relations stored in memory 108. At leasta numerical calculation may be performed using information provided byinterrogation engine 120; interrogation engine 120 may provideinformation extracted from three-dimensional graphical design 112.Interrogation engine 120 may provide information extracted from at leasta graphical secret share 300. At least a numerical calculation may beperformed using one or more properties of a structure represented inthree-dimensional graphical design 112, such as material or materialsfrom which the structure is to be formed; where the one or moreproperties are embedded in three-dimensional graphical design,interrogation engine 120 may provide the one or more properties. Atleast a numerical calculation may be performed using one or moremanufacturing goals associated with three-dimensional graphical design112; one or more manufacturing goals may be provided in thethree-dimensional graphical design 112 and retrieved by interrogationengine 120 or may be stored in and retrieved from elsewhere in memory108. At least a numerical calculation may be performed using one or moreproperties or manufacturing goals of at least a secret share 300.

Still referring to FIGS. 3A-D, at least a secret share constraint may beembedded in at least a secret share 300, and thus conveyed with at leasta secret share 300 to a contributor device as described below. At leasta secret share constraint may be provided with at least a secret share300; that is at least a secret share constraint may be provided to acontributor device to which a corresponding secret share of the at leasta secret share 300 is transmitted, as described in further detail below.

Still viewing FIGS. 3A-D, in an embodiment, secret share generator 124may be designed and configured to modify at least a secret shareconstraint 320. For example, secret share generator 124 may modify asecret share constraint of at least a secret share constraint 320 inresponse to evaluation of modifications to at least a secret share 300,as described in further detail below. As a non-limiting example, secretshare generator 124 may modify at least a secret share constraint 320 byproducing a new secret share constraint as a function of the at least asecret share constraint and adopting the new secret share constraint asat least a part of at least a secret share constraint.

Reviewing FIG. 1 again, system 100 includes a contributor interface 128.Contributor interface performs electronic communication with one or morecontributor devices 132. Each contributor device of at least acontributor device 132 may be any computing device or combination ofcomputing devices suitable for use as secret owner device 104. In anembodiment, at least a contributor device 132 exchanges graphical secretshares, such as at least a graphical secret share 300 and othergraphical files with secret share owner 104, for example by way ofcontributor interface, 128 for the purposes of secure collaborativedesign of a three-dimensional form based upon three-dimensionalgraphical design 112.

Still viewing FIG. 1, contributor interface 118 is designed andconfigured to transmit at least a graphical secret share 300 to at leasta contributor device 132. Contributor interface 128 may transmit atleast a secret share 300 to at least a contributor device 132 using anymedium of electronic communication, including without limitation wiredelectronic communication, wireless communication, and fiber optics.Contributor interface 128 may transmit at least a secret share 300 usingany analog or digital data transfer protocol, including packet-basedcommunication, communication performed by modulating a signal, and thelike. Non-limiting examples of digital data transfer protocols usable bycontributor interface 128 may include file transfer protocol (FTP),hypertext transfer protocol (HTTP), any streaming protocols, and any newgeneration or secure versions of any protocol.

Continuing to view FIG. 1, at least a contributor device 132 may usecomputer modeling programs, such as CAD programs, operating on the atleast a contributor device 132 to modify at least a graphical secretshare 300. For instance, at least a contributor device 132 may receiveat least a graphical secret share 300 in any data format and translateto any data format suitable for modification or manipulation in acomputer modeling program operating on at least a contributor device132, perform modifications, and then return at least a graphical secretshare 300, as modified, as described in further detail below. Personsskilled in the art will be aware that at least a graphical secret share300 and other graphical files may be transmitted, received, and/orstored in formats readable by various different computer modelingprograms, including without limitation standardized file formats. Insome embodiments, one or more computer modeling programs operating on atleast a contributor device 132 make changes automatedly based upon atleast a graphical secret share 300; for instance, at least a secretshare 300 may provide sufficient information to permit a modelingprogram to determine a needed modification and to perform the neededmodification on the at least a secret share 300, as described in furtherdetail below.

Still viewing FIG. 1, contributor interface 128 may provide a graphicaluser interface (GUI) 136. GUI 136 may cause at least a graphical secretshare 300 to display on at least a contributor device 132, for instanceby means of a web browser or client-side application downloaded to theat least a contributor device 132. GUI 136 may provide one or more toolsthat permit a user to modify at least a graphical secret share 300; oneor more tools may include any tools available for editing any file inany computer modeling program, which may include without limitationtools permitting the user to modify displayed geometry. Tools forediting may include tools to permit the user to load componentinformation into the at least a graphical secret share 300, for instanceby retrieving geometrical, material, and/or other information describinga component from a file or data store on contributor device 132. GUI 136may similarly provide access to data describing one or more componentsor geometries that may be added from, for instance, component data store116 or similar data stores; access to contents of component data store116 may be managed by access control technologies and methods as setforth in further detail below. GUI 136 may provide user with one or moretools to view at least a graphical secret share 300 with or withoutmodifications, including without limitation tools to rotate, zoom, viewtextual annotations, display perspective, isometric, or straightawayviews, or any other display or display modification options available inany computer modeling program.

GUI 136 may include a spectrum viewer (not shown) that enables a user toadd or remove tools for viewing or modifying files such as at least agraphical secret share 300. Illustrative embodiments for a GUI, aspectrum viewer, and other user interfaces provided over a network maybe found in U.S. patent application Ser. No. 14/229,008, filed on Mar.28, 20174, and entitled “METHODS AND SOFTWARE FOR REQUESTING A PRICINGIN AN ELECTRONIC MARKETPLACE USING A USER-MODIFIABLE SPECTRUMINTERFACE,” which is incorporated by reference herein in its entirety.

System 100 may communicate with a design owner device 140. Design ownerdevice 140 may be a device from which system 100 receives an instructionto perform collaborative graphical design as disclosed herein; thedesign owner device 140 may be a device operated by a user or entityhaving a proprietary interest in the design to be produced by thecollaborative graphical design system 100. Design owner device 140 maybe included in secret owner device 104; for instance, the secret ownerdevice 104 may be operated by the same entity having a proprietaryinterest in the design produced by collaborative graphical design system100. Design owner device 140 may be a remote device; design owner device140 may be any device suitable for use as at least a contributor device132. Design owner device 140 may function as a contributor device for adifferent design in which a different entity has a proprietary interest.Design owner device 140 may communicate with secret owner device 104 byway of contributor interface 128 or a similar interface (not shown);contributor interface 128 may interact with design owner device usingany technology or method useable to interact with at least a contributordevice 132.

Contributor interface 128 may be designed and configured to receive fromat least a contributor device 132 at least a contributor graphicaldesign 400, exemplary embodiments of which are illustrated in FIGS.4A-B. At least a contributor graphical design 400 may include at least amodification 404 to at least a local geometric feature as included in atleast a graphical secret share 300; at least a modification may includean alteration of geometry 408 of the at least a local geometric feature,which may be any alteration of geometry that may be performed by anycomputer modeling program. At least a modification 404 may include anaddition of a component 412 to at least a local geometric feature. Whereat least a graphical secret share 300 includes one or more dummyfeatures 316, at least a modification may include modification to one ormore dummy features 316 as well as to at least a local geometricfeature; at least a contributor device 132 may have no way ofdetermining which feature in at least a secret share 300 is at least alocal geometric feature, and which is at least a dummy feature 316.Where at least a secret share 300 includes second three-dimensionalgraphical form 304, contributor graphical design may includemodifications to second three-dimensional graphical form 304;contributor device 132, or a user or entity operating contributor device132, may have no way of knowing which portions of at least a graphicalsecret share 300 are at least a local geometric feature 212 and whichportions are the second three-dimensional graphical form.

Referring FIG. 1 again, system 100 may include a merge engine 144executing on secret owner device 104. Merge engine 144 may beimplemented in any suitable fashion, including as a software moduleexecuting on secret owner device 104, a hardware module coupled tosecret owner device, a dedicated computing device, and the like. In anembodiment, merge engine 144 is designed and configured to generate atleast a combined graphical design as a function of the three-dimensionalgraphical design and the at least a contributor graphical design. FIG. 5illustrates an exemplary embodiment of a combined graphical design 500.Combined graphical design 500 may include a combined graphical designthree-dimensional form 504 created as a function of firstthree-dimensional form 200. Combined graphical three-dimensional form504 may be created as a function of first three-dimensional form 200 ifthe combined graphical three-dimensional form 504 has one or moregeometric features matching the first three-dimensional form 200; forinstance, merge engine may produce the combined graphicalthree-dimensional form 504 by applying modifications from contributorgraphical design to the first three-dimensional form 200.

Continuing to view FIG. 5, combined graphical design 500 may include atleast a combined graphical local feature 508. Combined local feature 508may be created as a function of at least a local geometric feature 212and at least a modification 404; in other words, combined local feature508 may include at least a local geometric feature 212 as modified by atleast a modification 404. For instance, where at least a modification404 includes at least a modification to geometry 408, combined localfeature 508 may include at least a local geometric feature as modifiedby at least a modification to geometry 512. Where at least amodification 404 includes at least a component 412, combined localfeature 508 may include at least a local geometric feature with added atleast a component 516.

As noted above, and still viewing FIG. 5, interrogation engine 120 maybe designed and configured to test feasibility of combined graphicaldesign 500, as set forth in further detail below. Merge engine 144 maybe designed and configured to receive an indication from interrogationengine 120 that one or more elements of combined graphical design 500are infeasible. Merge engine 144 may be designed and configured toreceive a user input indicating that one or more elements of combinedgraphical design 500 are infeasible. Merge engine 144 may be designedand configured to transmit to at least a contributor device 132 anindication that at least a graphical secret share 300 contains aninfeasible modification. Further examples of methods for the detectionof infeasibility and transmission of indication that at least agraphical secret share 300 contains an infeasible modification aredescribed below.

Referring again to FIG. 1, secret owner device 104 may store a secretshare key 148. Secret share key 148 may be a datum such as a number orarray of numbers that indicates how to combine at least a secret shareto produce the design being developed. Secret share key 148 may includea file identifier identifying three-dimensional graphical design; as aresult, possessors of at least a graphical secret share 300 may be ableto determine between them how to combine at least a graphical secretshare 300, including any modifications performed by at least acontributor device. In an embodiment, secret share key 148 may recordwhich features of an enumeration of features across all secret shares ofat least a graphical secret share 300 are genuine features of the designbeing developed and which are dummy features. Secret owner device 148may store secret share key 148 in memory 108. As a non-limiting example,secret share key 148 be a data structure mirroring a data structure ofgeometric features, such as a tree of features maintained by some CADprograms, with values such as binary values used to encode whether agiven feature is included or not (for instance, a binary value of “1”indicating the feature is included and a binary value of “0” indicatingit is not). Secret share key 148 may be generated by secret sharegenerator 124 as described in further detail below. In an embodiment,merge engine 144 may be designed and configured to use secret share key148 to determine which features to from at least a contributor graphicaldesign 400 to combine to form combined three-dimensional graphicaldesign 500. Secret share generator 124 may be designed and configured togenerate one or more key shares from secret share key, as described infurther detail below.

Although the above description, as illustrated in FIG. 1, has treatedinterrogator 120, secret share generator 124, contributor interface 128,and merge engine 144 as separate modules, persons skilled in the artwill be aware that any or all such elements may be combined in one ormore circuits, data structures, sets of processes, or other combinationsor divisions as efficiency and ease of design may indicate. Moreover,system 100 may include one or more additional modules or functionalitythat may interact with interrogator 120, secret share generator 124,contributor interface 128, and/or merge engine 144, as well as withcontributor devices 132 and/or design owner device or devices 140; suchmodules may include without limitation ordering modules (not shown) forautomatedly ordering processes or components from contributor devices132, operators of contributor devices 132, or other entities,contributor capabilities database or data stores (not shown),contributor pricing databases or data stores (not shown), or any othermodules or components that may be used in conjunction with computermodeling programs, collective design programs or platforms,cryptographic or secret-sharing programs or devices, and the like.System 100 may include any module or component described in theapplications incorporated by reference above. System 100 may include anycomponent of a manufacturing system as described in further detailbelow.

Turning now to FIG. 6, an alternate embodiment of a system 600 forsecure collaborative graphical design using secret sharing isillustrated. System includes a first contributor device 604 a of aplurality of contributor devices 604 a-c. Each contributor device ofplurality of contributor devices 604 a-c may be any device suitable foruse as secret owner device 104, at least a contributor device 132, ordesign owner device 140, as described above in connection with FIG. 1.Each contributor device of the plurality of contributor devices 604 a-chas a memory 608 a-c, which may be any memory 108 as described above inreference to FIG. 1. Each contributor device of the plurality ofcontributor devices has a computer modeling program 612 a-c, which maybe any computer modeling program as described above, including withoutlimitation a CAD program, a CAM program, or the like. Each contributordevice of the plurality of contributor devices 604 a-c may have one ormore of the modules, devices, or other components as described aboveoperating on secret owner device 100, including without limitation datastores such as component data store 116 described above, interrogationengine 120, secret share generator 124, contributor interface 128, GUI132, or merger engine 144.

System 600 includes a memory 608 a in communication with firstcontributor device 604 a. System includes a three-dimensional graphicaldesign 616 stored in memory 608 a of first contributor device 604 a;three-dimensional graphical design 616 may be any three-dimensionalgraphical design 212 as described above in reference to FIG. 2. System600 includes a computer modeling program 612 a operating on firstcontributor device 604 a. Computer modeling program 612 a may includefunctionality to perform tasks performed by interrogator engine 120 asdescribed above in reference to FIG. 1. Computer modeling program 612 amay include functionality to perform tasks performed by merger engine144 as described above in reference to FIG. 1.

System 600 includes a secret share generator 620 executing on firstcontributor device 604 a; secret share generator 620 may be any secretshare generator 124 as described above in reference to FIG. 1. Secretshare generator 620 is configured to generate at least a graphicalsecret share 624 a-b, which may be any at least a graphical secret share300 as described above in reference to FIGS. 1 and 3A-D. Secret sharegenerator 620 may be configured to generate a secret share key 628,which may be any secret share key 148 as described above in reference toFIG. 1. Secret share generator may be configured to receive secret sharekey 628 from another contributor device of plurality of contributordevices 604 a-b.

Secret share generator 620 may be configured to generate a plurality ofkey shares 632 a-b as a function of secret share key 148. Each key shareof plurality of key shares 632 a-b may be a datum that includes aportion of secret share key 148, but from which it is impossible orcomputationally impractical to generate secret share key 148 without atleast one other key share of the plurality of key shares; at least oneother key share of the plurality of key shares 632 a-b may be the entireplurality of key shares, or may be a lesser quantity of key shares. Insome embodiments, a set of key shares of plurality of key shares 632 a-bhaving cardinality equal to a number of contributor graphical designs400 needed to produce a combined graphical design 500 as described abovein reference to FIGS. 1-5. Persons skilled in the art, upon reading thisdisclosure, will be aware of many secret sharing schemes whereby aplurality of key shares may be generated, including schemes that areinformation-theoretically secure (unbreakable given infinite computingresources) given one or more parametric assumptions, and schemes thatare computationally secure (impossible to break in a practicaltime-scale given currently available computing resources, ortheoretically available computing resources available over some futureperiod of time); examples of such schemes include without limitationShamir's secret sharing scheme based on using a set of n points (thesecret shares) on an nth degree polynomial to uniquely define thepolynomial (the secret) in a coordinate system, Blakely's secret sharingscheme based on using a set of n hyperplanes (the secret shares) in ann-dimensional space to find the unique intersection of all n hyperplanes(the secret), secret shares based on the Chinese remainder theorem, andsecret shares in which n participants each receive one private key of aninstance of a cryptographic system along with the secret as encryptedusing all n instances.

In some embodiments, as further elucidated in the method discussionbelow, system 600 enables first contributor device 604 a to distributegraphical secret shares 624 a-b to a plurality of other contributordevices, such as second contributor device 604 b and third contributordevice 604 c, permitting the each of the plurality of other contributordevices to generate a contributor graphical design, which may be atleast a contributor graphical design 400 as described above in referenceto FIGS. 1-5; although only two other contributor devices 604 b-c aredepicted in FIG. 6, it should be understood that system 600 maydistribute greater numbers of graphical secret shares 624 a-b to greaternumbers of contributor devices 604 a-b, as described in further detailbelow. Where system 600 distributes key shares 632 a-b, a set ofcontributor devices 604 a-c that are ultimately chosen to produce afinal design may be able to combine key shares, and therefor use anycomputer modeling program 612 a-c operating on any contributor device604 a-c to merge the graphical secret shares 624 to produce a combinedgraphical design, which may be performed as described above in referenceto FIGS. 1-5. In an embodiment, this may eliminate the need for acentral secret owner device; any contributor device 604 a-c may operateas first contributor device 604 a if configured as system 600, anddifferent contributor devices of plurality of contributor devices 604a-c may operate as first contributor device 604 a for another design.For instance, an overall design process may involve multiple stages, andeach stage may be coordinated by a different contributor device; forsome complex designs, a graphical secret share 624 a-b may be used as adesign in an additional iteration of a method as described below, toproduce a contributor graphical design for the original collaborativedesign by the same collaborative design method. Persons skilled in theart will be aware of the ability to nest design stages recursively andproduce multiple components and subsequently their assembly by way ofmultiple iterations of methods described herein.

System 600 also allows a contributor device 604 a-c having a superior oroptimal computer modeling program 612 a-c for a particular merging taskthat might be performed by merge engine 144 to be the contributor devicethat performs that merging task. This may improve the efficiency of themerging task itself, and may also improve the efficiency or quality ofan automated manufacturing process driven by manufacturing instructionsderived from combined graphical design 500 by producing a more accuratecombined graphical design 500 or producing combined graphical design 500in a format capable of producing one or more manufacturing instructionsets more efficiently or effectively. Indeed, each contributor devicegiven access to the ability to assemble graphical secret shares mayseparately perform merge with its computer modeling program, andsubsequently generate optimal manufacturing instructions using its ownversion of combined graphical design 500; this may also ensure that eachentity operating a contributor engine is able to use preferred and/oroptimized manufacturing instruction sets, and manufacturing techniquesto produce higher-quality or less expensive components or modificationsfor the structure being manufactured, without revealing any of thoseinstruction sets, manufacturing techniques, or even modeling techniques,any of which may be proprietary, to any other entity operating one ofthe contributor devices 604 a-c.

Referring now to FIG. 7, an exemplary embodiment of a manufacturingsystem 700 is illustrated. Manufacturing system 700 as used herein is asystem that produces a physical article by manipulation of material.Manufacturing system 700 may produce the physical article throughadditive processes in which material is added to the article, includingincremental additive processes such as rapid prototyping,stereolithography, “3D printing,” and the like. Manufacturing system 700may produce the physical article by subtractive processes includingwithout limitation machining such as end-mill machining, EDM, and thelike. Manufacturing system 700 may produce the physical article throughmolding processes. Manufacturing system 700 may produce the physicalarticle through coating, painting, or other processes. Manufacturingsystem 700 may produce the physical article through assembly ofcomponents by fastening, welding, brazing, adhering, heat-sealing, andthe like. Manufacturing system 700 may produce the physical articlethrough sheet metal techniques such as bending, stamping, and punchingsheet metal. Manufacturing system 700 may produce the physical articlethrough textile or fiber product manipulation processes includingfilament production such as spinning, monofilament extrusion, pulpproduction, and the like, filament or fiber production methods such astwisting into cords, braiding, knitting, weaving, felting, pressing,rolling, and other methods, and methods for combining textile and/orfiber products with other such products or other items, includingsewing, stapling, fastening, adhesion, layering, or other processes.Manufacturing system 700 may produce the physical article throughmethods and techniques for producing integrated circuits,semiconductors, printed circuit boards, and other electrical components.Manufacturing system 700 may produce the physical article throughmethods producing and manipulating polymers, including extrusion,frothing, foaming, cutting, and the like. Manufacturing system 700 mayuse any combination of the above methods, or of other manufacturingmethods. Physical article may be a completed product, a partiallycompleted product, a component of a product, or any other stage in theproduction process of any end-product from raw materials to thecompleted article.

Still viewing FIG. 7, manufacturing system 700 may include an automatedmanufacturing device 704. Automated manufacturing device 704 may be anycomputing device or combination of computing devices incorporated inmanufacturing system 700 and designed and configured to initiatemanufacture of a physical article. In an embodiment, a computing devicemay be incorporated in manufacturing system 700 where manufacturingdevice is able to transmit one or more instructions to manufacturingsystem 700 electronically, including by transmitting one or moreinstructions to another automated manufacturing device 704 incorporatedin manufacturing system 700, to a manufacturing controller 708 asdescribed in further detail below, or to a manufacturing device 712 asdescribed in further detail below.

Still viewing FIG. 7, automated manufacturing device may include acomputer modeling program 716; computer modeling program 716 may be anyprogram suitable for use as a computer modeling program as describedabove in reference to FIGS. 1-6. Automated manufacturing device 704 mayinclude a manufacturing instruction generator 720. Manufacturinginstruction generator 720 may be a hardware or software module connectedor operating on automated manufacturing device 704 and designed andconfigured to generate one or more manufacturing instructions that causea manufacturing device 712, as described in further detail below, toperform at least one physical act to produce a physical article.Manufacturing instructions may include, without limitation,machine-control instructions or toolpaths for the operation of asubtractive manufacturing device such as a computer numerical control(CNC) machining device, rapid prototyping instructions directing a rapidprototyping device such as a 3D printer to add material incrementally ina particular pattern such as a layer in a 3D printed article,instructions to perform a step in a molding process such as assembling amold, injection of material into a mold, increasing or decreasingtemperature, curing, and opening the mold, and instructions to perform aparticular assembly step, such as placement of an article relative toanother article, attachment of screws or bolts, weld or adhesiveplacement, or any other manufacturing step.

Automated manufacturing device 704 may include, without limitation, anycomputing device or collection of computing devices described above.Secret owner device 104 may be an automated manufacturing device. Atleast a contributor device 132 may be an automated manufacturing device.Design owner device 140 may be an automated manufacturing device. Anyone of contributor devices 604 a-c may be an automated manufacturingdevice.

Manufacturing system 700 may include a manufacturing device 712.Manufacturing device 712 may be any device that performs manipulation ofphysical material to produce a physical article as described above. Forexample, and without limitation, manufacturing device 712 may be amachine tool or other subtractive manufacturing device, a rapidprototyping device, an automated assembly system such as one or moreassembly robots, and any device capable of performing any other step inmanufacturing processes as described above.

Turning now to FIG. 8, an exemplary embodiment of a method 800 ofsecret-sharing for secure collaborative graphical design is illustrated.At step 805, method 800 includes providing, at a secret owner devicehaving at least a processor and a memory a three-dimensional graphicaldesign containing a three-dimensional graphical design. At step 810,method 800 includes generating, at the secret owner device, at least agraphical secret share. At step 815, method 800 includes transmittingthe at least a graphical secret share to at least a contributor device.At optional step 820, method includes receiving, from the contributordevice, at least a contributor graphical design. At optional step 825,method 800 includes generating at least a combined graphical design as afunction of the three-dimensional graphical design and the at least acontributor graphical design.

Still referring to FIG. 8, a three-dimensional graphical design 112 isprovided at a secret share owner device 104. Three-dimensional graphicaldesign 112 may be any three-dimensional graphical design 112 asdescribed above in reference to FIG. 1. Three-dimensional graphicaldesign 112 includes a first three-dimensional form 200. Firstthree-dimensional form 200 includes a first three-dimensional shape 204.First three-dimensional form 200 includes a first dimension set 208 inthree dimensions. Three-dimensional graphical design 112 includes atleast a local geometric feature. First three-dimensional graphicaldesign 112 may represent a physical article to be manufactured,including without limitation any physical article to be manufacturedusing manufacturing system 700 as described above.

In an embodiment, and still referring to FIG. 8, three-dimensionalgraphical design 112 may be any three-dimensional graphical design 616as described above in reference to FIG. 6. Secret share owner device 104may be a secret share owner device as disclosed above in reference toFIG. 1. Secret share owner device 104 may be a first contributor device604 a as described above in reference to FIG. 6. Secret share ownerdevice 104 may generate three-dimensional graphical design 112 using acomputer modeling program as described above. Computer modeling programmay generate some geometrical features of three-dimensional graphicaldesign 112 automatedly, for instance as described above in reference toFIGS. 1-6. Computer modeling program may generate some geometricalfeatures of three-dimensional graphical design 112 in response to one ormore user inputs. Computer modeling program may generatethree-dimensional graphical design 112 using a combination of automatedprocesses and user inputs. Secret owner device 104 may generatethree-dimensional graphical design 112 using any method or systemdisclosed herein, including without limitation the method described inreference to FIG. 8, the system described in reference to FIG. 1, andthe system described in reference to FIG. 6.

Still viewing FIG. 8, secret owner device 104 may receivethree-dimensional design 112 from another device. For example, andwithout limitation, secret owner device 104 may receivethree-dimensional design 112 from a contributor device of at least acontributor device 132, from a contributor device of plurality ofcontributor devices 604 a-b, from design owner device 140, fromautomated manufacturing device 704, or any other computing device.

Continuing to view FIG. 8, at least a graphical secret share 300 isgenerated at the secret owner device 104. At least a graphical secretshare 300 may be any at least a graphical secret share 300 or at least agraphical secret share 624 a-b as described above in reference to FIGS.1-6. At least a graphical secret share 300 may be generated by secretshare generator 124 or secret share generator 620. FIG. 9A illustratesan exemplary embodiment of a method for generating at least a graphicalsecret share 300. At step 900, generating at least a graphical secretshare 300 may include generating a second three-dimensional graphicalform 304 having a second three-dimensional shape 308 and a seconddimension set 312 in three dimensions. Further continuing step 900, thesecond three-dimensional graphical form 304 may be distinct from thefirst three-dimensional graphical form 200. Second three-dimensionalgraphical form 304 may be distinct from the first three-dimensionalgraphical form 200 where first three-dimensional shape 204 differs fromsecond three-dimensional shape 308. Second three-dimensional graphicalform 304 may be distinct from the first three-dimensional graphical form200 where first dimension set 208 differs from second dimension set 312.There may be a combination of differences between firstthree-dimensional shape 204 and second three-dimensional shape 308 anddifferences between first three-dimensional graphical form 200 wherefirst dimension set 208 differs from second dimension set 312.

Still referring to FIG. 9A, generating the second three-dimensionalgraphical form 304 may involve generating at least a three-dimensionalgeometric primitive. At least a three-dimensional geometric primitivemay be a regular or irregular polyhedral solid, a regular or irregularcurved solid, or some combination of polyhedral and curved elements.

Secret owner device 104 may determine whether second three-dimensionalgraphical form 304 differs from first three-dimensional graphical form200 by comparing the geometric primitive to the first three-dimensionalform and enumerating differences between the at least athree-dimensional geometric primitive and the first three-dimensionalform 200 to produce at least a numerical quantity indicating a degree ofdifference. This may be accomplished, as a non-limiting example, bydetermining numbers of edges, vertices, and surfaces of each of the atleast a three-dimensional geometric primitive and the firstthree-dimensional form, as well as rules or mathematical formulasrelating edges, vertices, and surfaces to each other in each form; theedges, vertices, surfaces, and relational rules or mathematical formulasfrom each form may then be compared to the other. This may be performedby interrogator engine 120. Interrogator engine 120 may extract geometryfrom each form and enumerate differences between each set of geometryand the other. In some embodiments, the enumeration of differences iscompared to a threshold number representing a minimum required number ofdifferences. In some embodiments, secret owner device 104 determinesthat the numerical quantity indicating the degree of difference does notmeet the threshold number and modifies the three-dimensional geometricprimitive. Modification may include, without limitation, generating adifferent geometric primitive and combining it with the first geometricprimitive or replacing the first geometric primitive or making a randomchange. Secret owner device 104 may enumerate differences between secondthree-dimensional graphical form 304 and first three-dimensionalgraphical form 200 and compare the enumeration to the threshold number.Second three-dimensional graphical form 304 may also be generated byretrieving one or more representations of components, for instance fromcomponent data store, and combining the one or more representations ofcomponents.

Still viewing FIG. 9A, generating the at least a graphical secret share300 may involve generating at least a dummy feature 316 not included inthe three-dimensional graphical design. This may be accomplished asdescribed above in reference to FIGS. 1-5. At least a dummy feature 316may be a duplicate of the at least a geometric feature. Generating theat least a dummy feature 316 may include retrieving, from a data storecontaining a plurality of geometric features, at least a stored featurethat is distinct from the at least a geometric feature and generatingthe at least a dummy feature as a function of the at least a storedfeature. For instance, the data store may be component data store 116,and at least a stored feature may be a component or geometry stored indata store 116. Interrogation engine 120 may verify that at least adummy feature may be combined with other features of at least agraphical secret share 300 in a realistic or believable manner usingmanufacturing feasibility testing or similar methods.

Continuing to refer to FIG. 9A, generating the at least a graphicalsecret share 300 may involve adding dummy features in quantities thatare a function of the number of geometric figures in three-dimensionalgraphical design 112. For instance, interrogator 120 may enumerategeometric features of three-dimensional graphical design 112; theenumeration may exclude the local geometric feature of at least a localgeometric feature 212. Secret share generator 124 may then produce atleast a graphical secret share 300 by iteratively building the at leasta graphical secret share 300 using dummy features 316 assembled in aphysically feasible manner to produce a graphical secret share having anequal quantity of information to the original design.

Still referring to FIG. 9A, at step 905, the at least a local geometricfeature 212 is added to the second three-dimensional graphical form 304.This may be performed using a computer modeling program as describedabove. At step 910, the at least a graphical secret share 300 isgenerated as a function of the second three-dimensional graphical form304 and the at least a local geometric feature 212.

FIG. 9B illustrates another exemplary embodiment of a set of steps thatmay be followed to generate at least a graphical secret share 300. Atstep 915, at least a local geometric feature 212 is extracted fromthree-dimensional graphical design 112. This may be accomplished usinginterrogation engine 120. At step 920, at least a graphical secret share300 is generated as a function of the at least a local geometric feature212.

Returning to FIG. 8, where the three-dimensional graphical designcontains at least a global constraint 216, generating the graphicalsecret share may include generating at least a secret share constraintas a function of the at least a global constraint 216. At least a globalconstraint may be any global constraint 216 described above in referenceto FIGS. 1-6. At least a global constraint 216 may be entered by user;for instance, user may enter as at least a global constraint 216 arequirement that combined graphical design 500 weigh less than a certainamount, possess other physical or material properties, or cost leastthan a certain price, as determined by the user from manufacturingrequirements the user wishes to fulfill, or physical limits user isaware of such as a minimum possible weight for design. Wherethree-dimensional graphical design 112 is a graphical secret share 300produced in an earlier iteration of a collaborative editing method suchas method 800, at least a global constraint 216 may be at least a secretshare constraint 320 that was generated for that graphical secret share300 during the earlier iteration. Interrogator engine 120 may alsogenerate global constraint based upon, as a non-limiting example, knownproperties of materials or shapes represented in three-dimensionalgraphical design 112 or outputs of pricing methods.

Still viewing FIG. 8, at least a secret share constraint 320 may begenerated from at least a global constraint 216 using one or morerelationships between limitations or requirements affectingthree-dimensional graphic design 112 and at least a secret share. Suchlimitations or requirements may be stored in a data store, derived orused by interrogator engine 120, entered by a user, received fromanother device, or otherwise obtained. As a non-limiting example, wherea global constraint requires that an object represented in combinedgraphical design 500 may not exceed a certain mass or weight, acorresponding secret share constraint may require that the weight ormass of local geometric feature 212 with modifications as describedabove may not exceed certain amount. As another non-limiting examplewhere a global constraint establishes that an object represented incombined graphical design 500 will exceed a certain weight (i.e. becausesome components are only available at or above a certain weight), acorresponding secret share constraint may be that a fastener or joiningmethod added in a contributor graphical design 400 must have certainshear resistance or strength.

Continuing to view FIG. 8, where a global constraint is an expecteddegree of vibration, heat, impact, or other factor affecting durabilityof overall design, a corresponding secret share imposed for instance ona component to be added in contributor graphical design 400 may limit orrequire some degree of component ability to withstand the component'slikely portion of that factor or component ability to alleviate thefactor by, e.g. dampening vibration having the flexibility to absorbsome degree of impact/force, having the ability to conduct electricityor heat away from the structure represented in combinedthree-dimensional graphical design, or the like.

Still viewing FIG. 8, where a global constraint is price-based, forinstance as a maximum manufacturing price not to exceed, a correspondingsecret share constraint may limit the contribution of modificationspresented in contributor graphical design 400 to the price of theoverall structure to be manufactured. In some embodiments, interrogationengine 120 may evaluate the price of the overall design, as well as theprices of individually contributed components; rules for interrogationengine may place non-price constraints on secret shares based on a knowneffect of, for instance, a particular geometric form, material, or otherfactor on the overall price. In addition, costing constraints mayinclude a balance of manufacturing and maintenance costs, so that theconstraints provided may be a mixture of constraints pertaining todurability and constraints pertaining to price: an aluminum stud may begiven the same value as a steel stud that costs twice as much, forinstance, based on the likelihood that the steel stud will lastsubstantially longer.

Continuing to view FIG. 8, where a single geometric feature 212 of whichthere are a plurality in three-dimensional graphical design 300 isprovided in a graphical secret share, secret share constraint may bebased on a needed property of the plurality, and thus the secret shareconstraint may be a constraint on the individual contribution to thatproperty of the single shared local geometric feature. Where each dummyfeature 316 is affected by a similar secret share constraint, the actualconstraint pertaining to the real features may be multiplied by thenumber of similar dummy features; similarly, at least a secret shareconstraint 320 may be a combination of secret share constraints imposedon real features and on dummy features.

In an embodiment, and with continuing reference to FIG. 8, at least aglobal constraint 216 may include a plurality of global constraints; forinstance at least a global constraint may include a first globalconstraint and a second global constraint. Generating at least a secretshare constraint 320 may include generating a single secret shareconstraint as a function of both first global constraint and secondglobal constraint; for instance, a secret share constraint maycorresponding to a first global constraint and a second globalconstraint that may be related mathematically may be expressed as alimitation on that mathematical relation. Generating the at least asecret share constraint may involve generating a first secret shareconstraint as a function of first global constraint and generating asecond secret share constraint as a function of second globalconstraint.

Still referring to FIG. 8, generating at least a secret share 300 mayinvolve generating a secret share key 148. Secret share key 148 may begenerated as described above by reverence to an enumeration of featuresin all secret shares of at least a secret share 300. Generating at leasta secret share 300 may involve generating a plurality of key shares,which may be generated according to any protocol described above inreference to FIGS. 1-6 for the generation and use of secret shares insecret sharing schemes. Key shares may be included in graphical secretshares of at least a graphical secret share 300 or transmittedseparately to contributor devices 132.

Continuing to refer to FIG. 8, where at least a local geometric feature212 includes a first geometric feature and a second geometric featuregenerating the at least a secret share 300 may include generating afirst secret share containing the first geometric feature and the secondthree-dimensional graphical form 304, and generating a second secretshare containing the second geometric feature and athird-three-dimensional graphical form; third three-dimensionalgraphical form may be generated using any process suitable forgeneration of second three-dimensional graphical form. Thirdthree-dimensional graphical form is distinct from the firstthree-dimensional graphical form. Second three-dimensional graphicalform may be distinct from third three-dimensional graphical form.

Still referring to FIG. 8, where generating the at least a secret share300 includes generating first secret share and second secret share,generating the first graphical secret share may include generating afirst secret share constraint as a function of the at least a globalconstraint, and generating the second graphical secret share may includegenerating a second secret share constraint as a function of the atleast a global constraint. Each secret share constraint of first secretshare constraint and second secret share constraint may be generatedaccording to any process described above for generating at least asecret share constraint 320.

At step 815, and with continued reference to FIG. 8, method 800 includestransmitting the at least a graphical secret share to at least acontributor device 132. At least a contributor device may be anycontributor device 132, 604 a-c as described above in reference to FIGS.1-6. Transmission may be accomplished using any form of electroniccommunication described above in reference to FIGS. 1-6. Transmissionmay be encrypted or otherwise secured, for instance using secure socketlayer protocols.

With continued reference to FIG. 8, transmitting the at least a secretshare 300 to at least a contributor device 132 may include transmittinga secret share of the at least a graphical secret share 300 to aplurality of contributor devices; the same secret share may betransmitted to multiple contributor devices 132 capable of making thesame desired modification to a geometric feature of at least a localgeometric feature 112. User-entered manufacturing requirements, at leasta secret share constraint 320, and/or manufacturing requirementsgenerated by interrogation engine 120 may be transmitted with orincluded in at least a graphical secret share 300. Where generating theat least a secret share 300 includes generating first secret share andsecond secret share, transmitting the at least a graphical secret shareto the at least a contributor device may include transmitting the firstgraphical secret share to a first contributor device and transmittingthe second graphical secret share to a second contributor device.

At optional step 820, and still referring to FIG. 8, method includes atleast a contributor graphical design 400 may be received from thecontributor device. Contributor graphical design 400 may be anycontributor graphical design 400 as described above in reference toFIGS. 1-6. At least a contributor graphical design 400 may include atleast a modification 404 to the at least a local geometric feature 212.Modification 404 may include an additional three-dimensional graphicalform matching the local geometric feature, at least a modification togeometry 408, or at least an added component 412 as described above.Modification may include means of fastening, including crimping,welding, brazing, adhering, and the like, as described above inreference to FIGS. 1-6.

Still referring to FIG. 8, secret owner device 104 may compare the atleast a contributor graphical design 400 to at least a secret shareconstraint 320. This may be accomplished by having interrogation engine120 analyze contributor graphical design 400 for values or attributeswith respect to which secret share constraint 320 is defined anddetermining whether those values or attributes fulfill the requirementsof secret share constraint 320. Secret owner device 104 may compare atleast a contributor graphical design 400 to at least a global constraint216. This may be accomplished by having interrogation engine 120 analyzeat least a contributor graphical design 400 for values or attributeswith respect to which at least a global constraint 216 is defined anddetermining whether those values or attributes fulfill the requirementsof at least a global constraint 216. Where at least a global constraintincludes a first global constraint and a second global constraint,secret owner device 104 may compare the at least a contributor graphicaldesign 400 to the first global constraint and to the second globalconstraint.

Continuing to refer to FIG. 8, where at least a graphical secret share300 includes a first secret share containing a first geometric featureand a second secret share containing a second geometric feature, secretowner device 104 may receive a first contributor graphical designincluding a modification to the first geometric feature, and may modifythe second secret share constraint as a function of the contributorgraphical design and the at least a global constraint. This may involvedetermining that the first contributor graphical design outperforms thefirst secret share constraint, and wherein modifying the second secretshare constraint further comprises loosening the second secret shareconstraint; comparison of first contributor graphical design to thefirst secret share constraint may be performed as described above, forinstance using interrogation engine 120. As a non-limiting example,where at least a global constraint 216 includes a maximum weight thatthe overall design cannot exceed, and a component submitted with firstcontributor graphical design weighs substantially less than the limitfor that component given in first secret share constraint, second secretshare constraint may be adjusted by the difference in weight to allowmodifications in second contributor graphical design to weigh that muchmore. Similarly, if modifications in first contributor graphical designcost less than a maximum cost imposed by first secret share constraint,second secret share constraint may be modified to permit a higher costfor modifications provided in second contributor graphical design.

Still referring to FIG. 8, secret owner device 104 may determine thatfirst contributor graphical design underperforms the first secret shareconstraint, and modifying the second secret share constraint furthercomprises tightening the second secret share constraint; as anon-limiting example, where first contributor graphical design weighs orcosts more than first secret share constraint allows, second secretshare constraint may be modified to allow less weight, or cost, thanpreviously. Persons skilled in the art will be aware of many morevariations on this process that may be performed along similar lines.Modified second secret share constraint may be transmitted to secondcontributor device; transmission may be accomplished according to anyprocess described above for transmission of at least a secret shareconstraint 320.

At optional step 825, and still referring to FIG. 8, method 800 mayinclude generating at least a combined graphical design 500 as afunction of the three-dimensional graphical design 112 and the at leasta contributor graphical design 400. This may be accomplished by mergeengine 144, or by computer modeling program 612 a-c, among otheroptions. Where three-dimensional graphical design 112 includes at leasta second feature not included in at least a graphical secret share 300,generating the at least a combined graphical design 500 may includemodifying the at least a second feature as a function of at least acontributor graphical design 400; this may be done, for instance, wherethe at least a graphical secret share 300 included only one of severalduplicate features as described above.

Still referring to FIG. 8, where generating at last a graphical secretshare 300 further involves generating a first secret share constraintand a second secret share constraint as a function of the at least aglobal constraint 216, receiving the at least a contributor graphicaldesign 400 may further involve receiving a first contributor graphicaldesign matching the first secret share constraint and a secondcontributor graphical design matching the second secret shareconstraint. Generating at least a combined graphical design 500 may theninclude further comprises generating a first combined graphical designas a function of the three-dimensional graphical design and the firstcontributor graphical design and generating a second combined graphicaldesign as a function of the three-dimensional graphical design and thesecond contributor graphical design. The first combined graphical designand second combined graphical design may each be displayed to a user,allowing the user to select a preferred design, for instance based on agreater willingness to compromise on one of the global constraints thanthe other.

Continuing to refer to FIG. 8, where multiple contributor graphicaldesigns 400 are received for each desired modification, system 100 maygenerate combined graphical designs 500 representing each feasiblecombination, as determined for instance by interrogator engine 120, ofcontributor graphical designs 400, and display the combined graphicaldesigns 500 for the user to select one. Combined graphical designs 500may be ranked, for instance, combined graphical designs may be rankedaccording to degree of conformance with at least a global constraint216.

With continued reference to FIG. 8, method 800 may include receiving,from a plurality of contributor devices 132, a plurality of contributorgraphical designs 400, selecting, from the plurality of contributorgraphical designs 400, a preferred contributor graphical design, andgenerating a combined graphical design as a function of thethree-dimensional graphical design and the preferred contributorgraphical design. Selecting may involve displaying plurality ofcontributor graphical designs to a user and receiving from the user aselection of the preferred contributor graphical design. Displayingplurality of contributor graphical designs to the user may furtherinclude ranking the plurality of contributor graphical designs andselecting a contributor graphical design, of the plurality ofcontributor graphical designs, having an optimal ranking. Ranking may beperformed as function of the at least a global constraint 216.

Still referring to FIG. 8, as noted above, interrogation engine 120 testfeasibility of combined graphical design 500. Merge engine 144 mayreceive an indication from interrogation engine 120 that one or moreelements of combined graphical design 500 are infeasible; merge engine144 may similarly receive a user input indicating that one or moreelements of combined graphical design 500 are infeasible. Merge engine144 transmit, or cause contributor interface 128 to transmit, to atleast a contributor device 132 an indication that at least a graphicalsecret share 300 contains an infeasible modification. Secret ownerdevice 104 may receive a second at least a contributor graphical design400 that differs from first at least a contributor graphical design 400;this may be performed iteratively to generate a feasible design, eitherwith user input or automatedly.

Still referring to FIG. 8, secret owner device 104 may initiatemanufacture of a structure represented in combined graphical design.Initiating manufacture may involve commencing any manufacturing processthat may be performed by a manufacturing system 700 as disclosed abovein reference to FIG. 7. Initiating manufacture may include receiving, atan input port of secret owner device 104, a manufacture initiationsignal. Initiating manufacture may include generating a manufactureguidance file, such as a design file as described above that may be usedto direct a manufacturing device 712 as described above. Initiatingmanufacture may include generating manufacturing instructions asdescribed above in reference to FIG. 7; manufacturing instructions maybe generated by a manufacturing instruction generator 720 as describedabove. Initiating manufacture may include starting a manufacturingdevice 712; starting a manufacturing device may include transmittingmanufacturing instructions to manufacturing device 712. Starting amanufacturing device 712 may include transmitting a design file tomanufacturing device 712. Starting a manufacturing device 712 mayinclude transmitting a signal to manufacturing device 712 that themanufacturing device 712 is configured to interpret as causingmanufacturing device to perform physical operations as described above.Transmission may be direct, or via another automated manufacturingdevice.

It is to be noted that any one or more of the aspects and embodimentsdescribed herein may be conveniently implemented using one or moremachines (e.g., one or more computing devices that are utilized as auser computing device for an electronic document, one or more serverdevices, such as a document server, etc.) programmed according to theteachings of the present specification, as will be apparent to those ofordinary skill in the computer art. Appropriate software coding canreadily be prepared by skilled programmers based on the teachings of thepresent disclosure, as will be apparent to those of ordinary skill inthe software art. Aspects and implementations discussed above employingsoftware and/or software modules may also include appropriate hardwarefor assisting in the implementation of the machine executableinstructions of the software and/or software module.

Such software may be a computer program product that employs amachine-readable storage medium. A machine-readable storage medium maybe any medium that is capable of storing and/or encoding a sequence ofinstructions for execution by a machine (e.g., a computing device) andthat causes the machine to perform any one of the methodologies and/orembodiments described herein. Examples of a machine-readable storagemedium include, but are not limited to, a magnetic disk, an optical disc(e.g., CD, CD-R, DVD, DVD-R, etc.), a magneto-optical disk, a read-onlymemory “ROM” device, a random access memory “RAM” device, a magneticcard, an optical card, a solid-state memory device, an EPROM, an EEPROM,and any combinations thereof. A machine-readable medium, as used herein,is intended to include a single medium as well as a collection ofphysically separate media, such as, for example, a collection of compactdiscs or one or more hard disk drives in combination with a computermemory. As used herein, a machine-readable storage medium does notinclude transitory forms of signal transmission.

Such software may also include information (e.g., data) carried as adata signal on a data carrier, such as a carrier wave. For example,machine-executable information may be included as a data-carrying signalembodied in a data carrier in which the signal encodes a sequence ofinstruction, or portion thereof, for execution by a machine (e.g., acomputing device) and any related information (e.g., data structures anddata) that causes the machine to perform any one of the methodologiesand/or embodiments described herein.

Examples of a computing device include, but are not limited to, anelectronic book reading device, a computer workstation, a terminalcomputer, a server computer, a handheld device (e.g., a tablet computer,a smartphone, etc.), a web appliance, a network router, a networkswitch, a network bridge, any machine capable of executing a sequence ofinstructions that specify an action to be taken by that machine, and anycombinations thereof. In one example, a computing device may includeand/or be included in a kiosk.

FIG. 10 shows a diagrammatic representation of one embodiment of acomputing device in the exemplary form of a computer system 1000 withinwhich a set of instructions for causing a control system, for examplethe pricing system 200 of FIG. 2, or the product management system 250of FIG. 2B, incorporating a pricing system, to perform any one or moreof the aspects and/or methodologies of the present disclosure may beexecuted. It is also contemplated that multiple computing devices may beutilized to implement a specially configured set of instructions forcausing one or more of the devices to perform any one or more of theaspects and/or methodologies of the present disclosure. Computer system1000 includes a processor 1004 and a memory 1008 that communicate witheach other, and with other components, via a bus 1012. Bus 1012 mayinclude any of several types of bus structures including, but notlimited to, a memory bus, a memory controller, a peripheral bus, a localbus, and any combinations thereof, using any of a variety of busarchitectures.

Memory 1008 may include various components (e.g., machine readablemedia) including, but not limited to, a random-access memory component,a read only component, and any combinations thereof. In one example, abasic input/output system 1016 (BIOS), including basic routines thathelp to transfer information between elements within computer system1000, such as during start-up, may be stored in memory 1008. Memory 1008may also include (e.g., stored on one or more machine-readable media)instructions (e.g., software) 1020 embodying any one or more of theaspects and/or methodologies of the present disclosure. In anotherexample, memory 1008 may further include any number of program modulesincluding, but not limited to, an operating system, one or moreapplication programs, other program modules, program data, and anycombinations thereof.

Computer system 1000 may also include a storage device 1024. Examples ofa storage device (e.g., storage device 1024) include, but are notlimited to, a hard disk drive, a magnetic disk drive, an optical discdrive in combination with an optical medium, a solid-state memorydevice, and any combinations thereof. Storage device 1024 may beconnected to bus 1012 by an appropriate interface (not shown). Exampleinterfaces include, but are not limited to, SCSI, advanced technologyattachment (ATA), serial ATA, universal serial bus (USB), IEEE 1394(FIREWIRE), and any combinations thereof. In one example, storage device1024 (or one or more components thereof) may be removably interfacedwith computer system 1000 (e.g., via an external port connector (notshown)). Particularly, storage device 1024 and an associatedmachine-readable medium 1028 may provide nonvolatile and/or volatilestorage of machine-readable instructions, data structures, programmodules, and/or other data for computer system 1000. In one example,software 1020 may reside, completely or partially, withinmachine-readable medium 1028. In another example, software 1020 mayreside, completely or partially, within processor 1004.

Computer system 1000 may also include an input device 1032. In oneexample, a user of computer system 1000 may enter commands and/or otherinformation into computer system 1000 via input device 1032. Examples ofan input device 1032 include, but are not limited to, an alpha-numericinput device (e.g., a keyboard), a pointing device, a joystick, agamepad, an audio input device (e.g., a microphone, a voice responsesystem, etc.), a cursor control device (e.g., a mouse), a touchpad, anoptical scanner, a video capture device (e.g., a still camera, a videocamera), a touchscreen, and any combinations thereof. Input device 1032may be interfaced to bus 1012 via any of a variety of interfaces (notshown) including, but not limited to, a serial interface, a parallelinterface, a game port, a USB interface, a FIREWIRE interface, a directinterface to bus 1012, and any combinations thereof. Input device 1032may include a touch screen interface that may be a part of or separatefrom display 1036, discussed further below. Input device 1032 may beutilized as a user selection device for selecting one or more graphicalrepresentations in a graphical interface as described above.

A user may also input commands and/or other information to computersystem 1000 via storage device 1024 (e.g., a removable disk drive, aflash drive, etc.) and/or network interface device 1040. A networkinterface device, such as network interface device 1040, may be utilizedfor connecting computer system 1000 to one or more of a variety ofnetworks, such as network 1044, and one or more remote devices 1048connected thereto. Examples of a network interface device include, butare not limited to, a network interface card (e.g., a mobile networkinterface card, a LAN card), a modem, and any combination thereof.Examples of a network include, but are not limited to, a wide areanetwork (e.g., the Internet, an enterprise network), a local areanetwork (e.g., a network associated with an office, a building, a campusor other relatively small geographic space), a telephone network, a datanetwork associated with a telephone/voice provider (e.g., a mobilecommunications provider data and/or voice network), a direct connectionbetween two computing devices, and any combinations thereof. A network,such as network 1044, may employ a wired and/or a wireless mode ofcommunication. In general, any network topology may be used. Information(e.g., data, software 1020, etc.) may be communicated to and/or fromcomputer system 1000 via network interface device 1040.

Computer system 1000 may further include a video display adapter 1052for communicating a displayable image to a display device, such asdisplay device 1036. Examples of a display device include, but are notlimited to, a liquid crystal display (LCD), a cathode ray tube (CRT), aplasma display, a light emitting diode (LED) display, and anycombinations thereof. Display adapter 1052 and display device 1036 maybe utilized in combination with processor 1004 to provide graphicalrepresentations of aspects of the present disclosure. In addition to adisplay device, computer system 1000 may include one or more otherperipheral output devices including, but not limited to, an audiospeaker, a printer, and any combinations thereof. Such peripheral outputdevices may be connected to bus 1012 via a peripheral interface 1056.Examples of a peripheral interface include, but are not limited to, aserial port, a USB connection, a FIREWIRE connection, a parallelconnection, and any combinations thereof.

The foregoing has been a detailed description of illustrativeembodiments of the invention. Various modifications and additions can bemade without departing from the spirit and scope of this invention.Features of each of the various embodiments described above may becombined with features of other described embodiments as appropriate inorder to provide a multiplicity of feature combinations in associatednew embodiments. Furthermore, while the foregoing describes a number ofseparate embodiments, what has been described herein is merelyillustrative of the application of the principles of the presentinvention. Additionally, although particular methods herein may beillustrated and/or described as being performed in a specific order, theordering is highly variable within ordinary skill to achieve methods,systems, and software according to the present disclosure. Accordingly,this description is meant to be taken only by way of example, and not tootherwise limit the scope of this invention.

What is claimed is:
 1. A system for secret sharing for securecollaborative graphical design, the system comprising a secret ownerdevice having at least a processor and a memory, the secret owner devicedesigned and configured to: provide, at the secret owner device, a firstthree-dimensional graphical design, wherein the first three-dimensionalgraphical design includes: a first three-dimensional form including afirst three-dimensional shape and a first dimension set in threedimensions; and a plurality of features including at least a localgeometric feature; generate at least a graphical secret share, whereinthe graphical secret share is a graphical design that contains at leastone feature of the first three-dimensional graphical design but lacks atleast one other feature of the first three-dimensional graphical design,wherein generating the at least a graphical secret share furthercomprises: generating a second three-dimensional graphical form having asecond three-dimensional shape and a second dimension set in threedimensions, wherein the second three-dimensional graphical form isdistinct from the first three-dimensional graphical form; adding the atleast a local geometric feature to the second three-dimensionalgraphical form; and generating the at least a graphical secret share asa function of the second three-dimensional graphical form and the atleast a local geometric feature; and provide the at least a graphicalsecret share to at least a contributor device.
 2. The system of claim 1,wherein the three-dimensional graphical design contains at least aglobal constraint, and wherein the secret owner device is furtherconfigured to generate the graphical secret share by generating at leasta secret share constraint as a function of the at least a globalconstraint.
 3. The system of claim 2, wherein the at least a globalconstraint includes at least a first global constraint and at least asecond global constraint, and the secret owner device is configured togenerate the at least a secret share constraint by generating a singlesecret share constraint as a function of both the first globalconstraint and the second global constraint.
 4. The system of claim 2,wherein the at least a global constraint includes at least a firstglobal constraint and at least a second global constraint, and thesecret owner device is configured to generate the at least a secretshare constraint by: generating a first secret share constraint as afunction of the first global constraint; and generating a second secretshare constraint as a function of the second global constraint
 5. Thesystem of claim 2, wherein the secret share owner is further configuredto: receive, from the contributor device, at least a contributorgraphical design, wherein the at least a contributor graphical designcomprises a modification to the at least a local geometric feature; andgenerate at least a combined graphical design as a function of thethree-dimensional graphical design and the at least a contributorgraphical design.
 6. The system of claim 5, wherein the secret ownerdevice is further configured to compare the at least a contributorgraphical design to the secret share constraint.
 7. A method of secretsharing for secure collaborative graphical design, the methodcomprising: providing, at a secret owner device having at least aprocessor and a memory, a first three-dimensional graphical design,wherein the first three-dimensional graphical design includes: a firstthree-dimensional form including a first three-dimensional shape and afirst dimension set in three dimensions; and a plurality of featuresincluding at least a local geometric feature; generating, at the secretowner device, at least a graphical secret share, wherein generating theat least a graphical secret share further comprises: generating a secondthree-dimensional graphical form having a second three-dimensional shapeand a second dimension set in three dimensions, wherein the secondthree-dimensional graphical form is distinct from the firstthree-dimensional graphical form; adding the at least a local geometricfeature to the second three-dimensional graphical form; generating theat least a graphical secret share as a function of the secondthree-dimensional graphical form and the at least a local geometricfeature; and wherein the three-dimensional graphical design contains atleast a global constraint, and wherein generating the graphical secretshare further comprises generating at least a secret share constraint asa function of the at least a global constraint; and transmitting the atleast a graphical secret share to at least a contributor device.
 8. Themethod of claim 7, wherein the graphical secret share is a graphicaldesign that contains at least one feature of the first three-dimensionalgraphical design but lacks at least one other feature of the firstthree-dimensional graphical design,
 9. The method of claim 7, whereinthe at least a global constraint includes a first global constraint anda second global constraint.
 10. The method of claim 9, whereingenerating the at least a secret share constraint further comprisesgenerating a single secret share constraint as a function of both thefirst global constraint and the second global constraint.
 11. The methodof claim 9, wherein generating the at least a secret share constraintfurther comprises: generating a first secret share constraint as afunction of the first global constraint; and generating a second secretshare constraint as a function of the second global constraint
 12. Themethod of claim 1 further comprising receiving, from the contributordevice, at least a contributor graphical design, wherein the at least acontributor graphical design comprises a modification to the at least alocal geometric feature.
 13. The method of claim 12 wherein themodification further comprises an additional three-dimensional graphicalform matching the local geometric feature.
 14. The method of claim 12further comprising comparing the at least a contributor graphical designto the secret share constraint.
 15. The method of claim 12 furthercomprising comparing the at least a contributor graphical design to theglobal constraint.
 16. The method of claim 12, wherein the at least aglobal constraint includes a first global constraint and a second globalconstraint, and further comprising comparing the at least a contributorgraphical design to the first global constraint and to the second globalconstraint.
 17. The method of claim 12 further comprising generating atleast a combined graphical design as a function of the three-dimensionalgraphical design and the at least a contributor graphical design. 18.The method of claim 17 wherein the three-dimensional graphical designincludes at least a second feature not included in the at least agraphical secret share, and wherein generating the at least a combinedgraphical design further comprises modifying the at least a secondfeature as a function of the at least a contributor graphical design.19. The method of claim 17, wherein the three-dimensional graphicaldesign contains at least a global constraint, and: wherein generatingthe at least a graphical secret share further comprises generating afirst secret share constraint and a second secret share constraint as afunction of the at least a global constraint; wherein receiving the atleast a contributor graphical design further comprises receiving a firstcontributor graphical design matching the first secret share constraintand a second contributor graphical design matching the second secretshare constraint; and wherein generating the at least a combinedgraphical design further comprises: generating a first combinedgraphical design as a function of the three-dimensional graphical designand the first contributor graphical design; and generating a secondcombined graphical design as a function of the three-dimensionalgraphical design and the second contributor graphical design.
 20. Anon-transitory machine-readable storage medium containingmachine-executable instructions for performing a method of secretsharing for secure collaborative graphical design, the methodcomprising: providing, at a secret owner device having at least aprocessor and a memory, a first three-dimensional graphical design,wherein the first three-dimensional graphical design includes: a firstthree-dimensional form including a first three-dimensional shape and afirst dimension set in three dimensions; and a plurality of featuresincluding at least a local geometric feature; generating, at the secretowner device, at least a graphical secret share, wherein generating theat least a graphical secret share further comprises: generating a secondthree-dimensional graphical form having a second three-dimensional shapeand a second dimension set in three dimensions, wherein the secondthree-dimensional graphical form is distinct from the firstthree-dimensional graphical form; adding the at least a local geometricfeature to the second three-dimensional graphical form; generating theat least a graphical secret share as a function of the secondthree-dimensional graphical form and the at least a local geometricfeature; and wherein the three-dimensional graphical design contains atleast a global constraint, and wherein generating the graphical secretshare further comprises generating at least a secret share constraint asa function of the at least a global constraint; and transmitting the atleast a graphical secret share to at least a contributor device.